SecureLint – Secret Masking & Phishing Shield

CRX ID
nfakpphnajjbmejbmpnlnamncdplkbna
Status
  • Extension status: In-App Purchases
  • Live on Store
Description from extension meta

Masks API keys, passwords & secrets in real-time. Blocks phishing, malware & data leaks. Enterprise DLP & browser security.

Description from store

🔒 SECURELINT – SENSITIVE DATA PROTECTOR & PHISHING SHIELD

SecureLint automatically detects and masks sensitive data — API keys, passwords, tokens, credentials, and personal information — as you type or paste into any web-based editor. It also blocks phishing sites, malware domains, and IT-restricted websites in real-time before they can reach you.

────────────────────────────────────────
🌟 KEY FEATURES
────────────────────────────────────────

🔍 Universal Editor Support
Works across all major web editors and platforms:
• Standard inputs, textareas, and contenteditable elements
• Rich text editors: CodeMirror, Monaco, Ace, TinyMCE, CKEditor
• Popular productivity, project management, email, and coding platforms

🎨 Editor Overlay
• A subtle icon appears at the bottom-right of any active editor
• Shows a live count of detected secrets, color-coded by severity
• Hover to see exactly what was detected and the risk level
• Non-intrusive — disappears when you are not in an editor

🛡️ Real-Time Phishing & Malware Protection
• Blocks dangerous sites BEFORE they load using a 2.5M+ domain blocklist
• 14-layer detection engine: bloom filter, URL heuristics, homograph/IDN analysis, typosquat detection, domain-age check, SSL certificate validation, and public transparency report checks
• Page-content scanning for credential-harvesting, crypto-drainer, and social-engineering language
• Beautiful warning page shows trust score, domain age, SSL status, blocklist status, and detailed detection reasons
• If public safety checks confirm a site is safe, it is automatically unblocked — zero false positives from local heuristics

📧 Webmail Protection
• Detects and masks secrets typed or pasted into email compose fields
• Shows a DLP warning if sensitive content is detected before you send
• Checks whether the email is addressed outside your organisation (Enterprise only)
• All checks are local — no email body content is ever transmitted

🔗 Hovered Link Safety Score
• Hover over any link to see an instant threat score before you click
• Scans the domain in the background using GTR reputation, SSL checks, and local blocklist
• Lightweight tooltip — safe score shown in milliseconds

🚨 4-Level Risk Classification
• 🔴 Critical – Private keys, cloud provider credentials, certificate secrets
• 🟠 High – Passwords, API keys, OAuth tokens, database URLs
• 🟡 Medium – Emails, phone numbers, national ID numbers, connection strings
• 🔵 Low – Generic tokens, test credentials, low-risk identifiers

🧠 Context-Aware Masking
• Development Mode: Shows partial secrets (sk-1234****5678) for debugging
• Content Writing Mode: Full masking (***API_KEY***) for blogs and documents
• Automatically detects which mode applies based on URL, element type, and content

⚙️ Fully Configurable
• Toggle detection globally or per-site
• Set minimum severity level for auto-masking
• Choose masking style: Smart, Full, Compliance-Safe, or Context-Aware
• Exclude specific websites from scanning
• Export detection reports

🔐 100+ Detection Patterns including:
• Major cloud provider credentials and access keys
• JWT tokens, OAuth access/refresh tokens
• Database connection strings (relational, NoSQL, in-memory)
• Private keys and certificates (RSA, EC, PGP)
• Payment, messaging, and developer service API key formats
• National ID numbers, credit card patterns, and PII

────────────────────────────────────────
🏢 ENTERPRISE & PRO — FOR IT & SECURITY TEAMS
────────────────────────────────────────

SecureLint includes Pro and Enterprise tiers designed for organisations:

🚫 WAF Social & Content Blocking (Pro & Enterprise)
• IT administrators define a blocklist of domains (social media, streaming, non-work sites) via the SecureLint admin panel
• Users on managed devices are instantly blocked when navigating to listed domains — no page content loads
• Domain lists sync every 60 seconds so policy changes take effect immediately
• Domain-list blocks cannot be bypassed by end users

📧 Email DLP — Outbound Data Loss Prevention (Enterprise)
• Monitors outbound emails on webmail clients for personal or non-approved recipient domains
• Warns or blocks sending based on your IT security policy (WARN / BLOCK mode)
• 50-second countdown warning with regulatory references (GDPR, DPDP Act, IT Act, CCPA)
• Automatically adds the IT admin address to BCC if the user proceeds after a warning
• Only recipient addresses are checked — email body and subject are never read or transmitted

🔞 Adult-Content Detection (Enterprise)
• When enabled by IT, the extension scans visible page text locally for adult/explicit content
• Pages with explicit material are blocked with a policy warning
• No page content is ever transmitted — scanning is 100% in-browser

🛡️ Enterprise Incident Reporting
• IT administrators can enable centralised incident reporting from within the extension settings
• When enabled, the extension sends masked detection reports to the organisation's SecureLint security dashboard
• Reports include: secret type, severity level, masked preview (e.g. AKIA****XXXX), page URL and title, and employee email — RAW SECRET VALUES ARE NEVER SENT
• Allows the IT/security team to:
– Detect recurring leak patterns across the organisation
– Alert the employee and trigger secret rotation before damage occurs
– Meet compliance and DLP (Data Loss Prevention) requirements
• This feature is OFF by default — only an IT admin can enable it
• Employees are notified via a visible "Enterprise Reporting ACTIVE" banner inside the extension popup

────────────────────────────────────────
🔏 PRIVACY
────────────────────────────────────────

For Free and Pro individual users:
• All detection, masking, and phishing checks happen 100% locally in your browser
• No page content, typed text, or detected secrets are ever sent to any server
• Phishing checks use only public, keyless transparency report endpoints — no user data is sent, only the URL is queried
• Only your extension settings are synced if you create an optional account

For Enterprise users:
• Masked incident reports are sent to your organisation's admin dashboard only when your IT admin explicitly enables this
• Domain lists are fetched from your organisation's settings via authenticated HTTPS
• Raw secret values and page content are never transmitted — only masked previews and metadata
• Full disclosure: https://securelint.in/privacy.html

────────────────────────────────────────
👥 WHO IS THIS FOR?
────────────────────────────────────────

✅ Developers – Catch hardcoded secrets before they leak in code reviews or collaboration tools
✅ Security Engineers – Enforce secret hygiene across teams working in web tools
✅ Content Writers – Mask sensitive info before pasting into documents or emails
✅ DevOps Teams – Prevent credentials from appearing in chat or ticket systems
✅ IT Admins – Deploy enterprise-wide DLP with centralised incident visibility, phishing protection, and site blocking
✅ Remote Workers – Stay protected from phishing and social engineering on managed devices

────────────────────────────────────────
📋 PERMISSIONS EXPLAINED
────────────────────────────────────────

SecureLint requests only the permissions it needs:

• Access to all websites: Required to detect secrets on any site and to run phishing checks on navigated URLs. All scanning is local.
• Storage: Saves your settings, cached scan results, and domain lists locally.
• Scripting: Reads visible page text locally for phishing content analysis and enterprise content scanning. Text is processed in-browser and never transmitted.
• Web Navigation: Monitors navigation events to block known phishing domains before pages load and run security scans after pages load.
• Tabs: Sends setting updates to open tabs and reads the active tab URL for phishing detection context.
• Active Tab: Allows the popup to display live detection stats for the current page.
• Alarms: Schedules periodic settings sync (every 60 seconds) and storage cleanup.
• Notifications: Alerts you when a critical secret is detected (optional, can be disabled).
• Downloads: Used only if you export a detection report to a file on your device.
• Context menus: Adds "Scan page for secrets" and "Mask selected text" right-click options.

Full permission and privacy details: https://securelint.in/privacy.html

────────────────────────────────────────
🔗 LINKS
────────────────────────────────────────

• Website: https://securelint.in
• Privacy Policy: https://securelint.in/privacy.html
• Support / Feedback: [email protected]
• Manifest V3 · Minimum Chrome 88+